RE: Gateway problemas
Yes, I changed my rc.conf already! When I set my ipf.rules to pass in/out on all interfaces, I have internet, but with my rules I don't, so the problem has to be in the DHCP traffic. I put in this rule:

    pass in quick on ep1 proto udp from any to any port = 68 keep state keep frags

Will it be sufficient for DHCP traffic to function? Something is wrong with DHCP (cable connection) :(

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Gateway problemas
OK, I put in these rules:

    pass in quick on ep0 all
    pass out quick on ep0 all
    pass in quick on ep1 all
    pass out quick on ep1 all
    pass in quick on lo0 all
    pass out quick on lo0 all

and the firewall now has access to the internet, so the problem is with my ipf.rules rules! My NAT rules are:

    map ep1 192.168.0.0/16 -> 0/32 portmap tcp/udp 1025:65000
    map ep1 192.168.0.0/16 -> 0/32
Re: Gateway problemas
Yes, these rules will permit all traffic in and out. That's the point. It's a process of elimination, and these rules are intended to be temporary, to rule out the possibility of your ruleset being the problem. Use them until you figure out what the real problem is. Now, what does your NAT ruleset look like?

----- Original Message -----
From: "geek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 8:48 PM
Subject: RE: Gateway problemas

I can't ping the outside world from my gateway, and I don't have any type of access from my gateway!

    pass in quick on ep0 all
    pass out quick on ep0 all
    pass in quick on ep1 all
    pass out quick on ep1 all
    pass in quick on lo0 all
    pass out quick on lo0 all

I put in these rules, and then the rest of the rules that I have? But these rules would permit every type of traffic in my network, wouldn't they?
RE: Gateway problemas
I can't ping the outside world from my gateway, and I don't have any type of access from my gateway!

    pass in quick on ep0 all
    pass out quick on ep0 all
    pass in quick on ep1 all
    pass out quick on ep1 all
    pass in quick on lo0 all
    pass out quick on lo0 all

I put in these rules, and then the rest of the rules that I have? But these rules would permit every type of traffic in my network, wouldn't they?
Re: Gateway problemas
From what point in your network are you not able to connect? Can you ping the outside world from your gateway itself? Do you have your NAT ruleset written correctly? Use this for your ruleset (copy exactly):

    pass in quick on ep0 all
    pass out quick on ep0 all
    pass in quick on ep1 all
    pass out quick on ep1 all
    pass in quick on lo0 all
    pass out quick on lo0 all

Use this ruleset until you have full connectivity, then go from there!

----- Original Message -----
From: "geek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 7:50 PM
Subject: RE: Gateway problemas

Yeah, I recompiled my kernel with bpf and now pf is working, but it only works with the rules "pass in quick all / pass out quick all". With the rules I posted here first, it doesn't work, so something is wrong in my ruleset :(
RE: Gateway problemas
Yeah, I recompiled my kernel with bpf and now pf is working, but it only works with the rules "pass in quick all / pass out quick all". With the rules I posted here first, it doesn't work, so something is wrong in my ruleset :(
Re: Gateway problemas - correction
My bad, I meant you need bpf for dhclient to work.

----- Original Message -----
From: "Mike Maltese" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "geek" <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 7:03 PM
Subject: Re: Gateway problemas

> You need bpf for IP Filter to work!! You can leave gif and faith commented
> out.
>
> ----- Original Message -----
> From: "geek" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 15, 2003 6:21 PM
> Subject: RE: Gateway problemas
>
>
> Sorry for another post, but I realized that I commented out these options
> in my kernel configuration:
>
> # pseudo-device gif
> # pseudo-device faith
> # pseudo-device bpf
>
> and regarding the Berkeley packet filter, I read somewhere that it
> interferes with the DHCP server/client. Can anyone say if it can be
> affecting the DHCP traffic?
Re: Gateway problemas
You need bpf for IP Filter to work!! You can leave gif and faith commented out.

----- Original Message -----
From: "geek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 15, 2003 6:21 PM
Subject: RE: Gateway problemas

Sorry for another post, but I realized that I commented out these options in my kernel configuration:

    # pseudo-device gif
    # pseudo-device faith
    # pseudo-device bpf

and regarding the Berkeley packet filter, I read somewhere that it interferes with the DHCP server/client. Can anyone say if it can be affecting the DHCP traffic?
RE: Gateway problemas
Sorry for another post, but I realized that I commented out these options in my kernel configuration:

    # pseudo-device gif
    # pseudo-device faith
    # pseudo-device bpf

and regarding the Berkeley packet filter, I read somewhere that it interferes with the DHCP server/client. Can anyone say if it can be affecting the DHCP traffic?
RE: Gateway problemas
I tried changing my ruleset to

    pass in all
    pass out all

and rebooted the machine, and I still don't have internet access. So I said something wrong: I probably haven't had internet since I recompiled my kernel. So could IPFILTER_DEFAULT_BLOCK be causing all this trouble for me, and not the rules, right?
Re: Gateway problemas
> block in log all
> block out log all

You don't need these since you used IPFILTER_DEFAULT_BLOCK (per your last message). If you want to log blocked traffic, add

    block in log quick on ep1 all

at the end of your rules for that interface. You may want to try setting all interfaces to pass in/out quick until you achieve connectivity.

> hostname=""
> ifconfig_rl0="DHCP"
> ifconfig_rl1="192.168.0.0"
> kern_securelevel_enable="NO"
> sendmail_enable="NONE"
> sshd_enable="YES"
> usbd_enable="YES"
> inetd_enable="NO"
> portmap_enable="NO"
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Dsn"

You're missing gateway_enable="YES". Do a sysctl net.inet.ip.forwarding to ensure that this sysctl is indeed set to 1. Then you don't need the entry in sysctl.conf.
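
The rc.conf check from the reply above, as an added example that is not part of the thread: it reads an rc.conf-style file and reports a missing gateway_enable. It also flags ipnat_rules and ipfilter_rules naming the same file, a point nobody in the thread raises. The function names and the temporary sample file are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an rc.conf-style file for the
# gateway settings discussed in the reply above. Function names are hypothetical.

# rc_value FILE KEY: print KEY's value with surrounding quotes stripped.
# rc.conf is sourced as shell, so the last assignment wins.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: the spellings rc.subr's checkyesno treats as true.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_gateway_rc FILE: print one line per finding; no output means clean.
audit_gateway_rc() {
    if ! is_yes "$(rc_value "$1" gateway_enable)"; then
        echo "gateway_enable is not YES: forwarding is not turned on at boot"
    fi
    nat_rules=$(rc_value "$1" ipnat_rules)
    # Extra check, not raised in the thread: ipnat parses map/rdr rules,
    # ipf parses pass/block rules, so one shared file cannot serve both.
    if is_yes "$(rc_value "$1" ipnat_enable)" && [ -n "$nat_rules" ] &&
       [ "$nat_rules" = "$(rc_value "$1" ipfilter_rules)" ]; then
        echo "ipnat_rules and ipfilter_rules both point at $nat_rules"
    fi
}

# forwarding_state: the live sysctl the reply says to inspect (FreeBSD name).
forwarding_state() {
    sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unknown
}

# Sample input: a subset of the rc.conf quoted in the thread.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
ifconfig_rl0="DHCP"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipf.rules"
EOF
audit_gateway_rc "$SAMPLE"
echo "net.inet.ip.forwarding: $(forwarding_state)"
```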
RE: Gateway problemas
I forgot to mention the options I used when I recompiled the kernel:

    options IPFILTER
    options IPFILTER_LOG
    options IPFILTER_DEFAULT_BLOCK
    options RANDOM_IP_ID